
If SELinux is denying access for something you believe should be allowed, you can add rules to your policy with the audit2allow program.

First, run the "ps -ef | grep auditd" command to find out if auditd is running:

If auditd is running, as shown above, use the "-a" option with audit2allow. If it is not running, use the "-d" option.

The "-l" option reads denials since the last policy reload, and the "-M" option creates a module with rules to allow those denials.

Do not use the "-M" option to specify the same module name more than once. For example, if you run the command below once with "-M local", and want to run it again later, choose a different name, such as "-M local2".

You can view the rules to be added in the local.te file. If you are satisfied, run the "semodule -i local.pp" command to install the module. You can mail an SELinux list, such as the Fedora SELinux list (https://admin.fedoraproject.org/mailman/listinfo/selinux) or the NSA SELinux mailing list (http://www.nsa.gov/research/selinux/list.shtml), to ask for review of your module before you install it.
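The steps above, combined into one script as an added example (not part of the original recipe). The function names and the "run" argument are hypothetical; the script assumes audit2allow and semodule are installed, and it prints the generated rules for review instead of installing them.

```shell
#!/bin/sh
# Added example: generate a local policy module from recent denials,
# then stop so the rules can be reviewed before "semodule -i".

# Print "-a" when auditd is running (denials are in the audit log),
# otherwise "-d" (denials are read from dmesg).
# $1: process names, one per line (output of "ps -e -o comm=").
# The match is exact, so the kernel thread "kauditd" does not count.
source_flag() {
    if printf '%s\n' "$1" | grep -qx 'auditd'; then
        echo "-a"
    else
        echo "-d"
    fi
}

# Print the first of local, local2, local3, ... that is not already
# an installed module, so an earlier module is never overwritten.
# $1: output of "semodule -l" (module name is the first field).
next_module_name() {
    name=local
    n=1
    while printf '%s\n' "$1" | awk '{print $1}' | grep -qx "$name"; do
        n=$((n + 1))
        name="local$n"
    done
    echo "$name"
}

generate_module() {
    flag=$(source_flag "$(ps -e -o comm=)")
    name=$(next_module_name "$(semodule -l)")
    # -l: only denials since the last policy reload; -M: build a module
    audit2allow "$flag" -l -M "$name" || return 1
    echo "Review these rules before installing:"
    cat "$name.te"
    echo "To install after review: semodule -i $name.pp"
}

# Act only when called with "run", so sourcing has no side effects.
if [ "${1:-}" = "run" ]; then generate_module; fi
```

Run it as root with the argument "run". Read the printed allow rules carefully: a rule that is broader than the access you intended to permit should be narrowed or sent to a list for review rather than installed.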